Posted
by
Hemos
on Friday March 10, 2000 @01:39PM
from the who-are-the-evil-guys dept.

pluteus_larva writes "According to this CNN story, an interagency report released by the Clinton administration claimed there is no need for new laws to prosecute the bad guys. Apparently lots of "top industry executives" were involved in the outcome of the report; Janet Reno was flanked by Commerce Secretary William Daley and some lawyer from AOL at the press conference where the report was released. "

I spend a week unfucking and securing a network that a script kiddy got a hold of and the fbi's response is basically 'we don't get involved in anything where less than $40k damage happened.' What's the recourse? Getting someones dial up account cancelled by kerking around with their isp? Whoopty doo......

You guys can mod me down for being Off-Topic all you want. I don't give a damn about karma. I want an answer as to why those cookies are being stored and where Rob Malda is getting the information. You people need to know this. Don't blindly mod me down without thinking about the ramification.

Let's not prosecute or even investigate internet attacks, we might find out that China is the one committing the crimes. We wouldn't want anyone to limit Clinton's second income. Of course we do need at least a billion more gun laws that don't do anything.

What about the crackers from other countries? The Russians 'claim' to be able to crack any US server at any time they want. How will we prosecute them? This is all just a bunch of crap designed to make big business feel better. In reality the government doesn't have a whole lot of options when it comes to crackers. They'll just keep using "reports" like this and examples like Kevin Mitnick to scare potential script kiddies.

What I'd like to know is what would happen if I set up a server running Linux on an IP from my ISP and it is cracked into. Will Janet Reno and her crack crew of lawyers spring into action for me? Doubtful.

Hmmm. It's nice to see that the americans are starting to come to their senses about the web - it is good, it is big, but it is essentially another form of communication, like telephones and post, and can be dealt with accordingly. I *would* question their assumption that all web-criminals are also likely to be american though - not only is it insulting to americans, but may lead law enforcement into a false sense of security - give it to the FBI, they will track down the varmit no matter which state he hides in:+)--

How wonderful that the government decides, for once in its existence, that no new laws are needed. Given that existing federal law permits the FBI to drive a tank through the side wall of your home and CS gas you until you suffocate and die, I would hate to see what the "new" laws would provide. Perhaps the freedom to cook up a little "Crystal Night" of your own...

I still maintain that the government should leave the Net alone. If there are no laws to let lax security administrators have the post-coital satisfaction of having skr1pt k1ddy5 hanged, at least we don't have to, say, have equal racial representation in every photo posted in a corporate website. Government intervention, like stuffing a hamster up your own ass, seems like a good idea intially, and can even feel good for a moment, but when the beast goes crazy it's a world of pain and sadness...

You know, its funny, really, that government thinks there are enough laws to fight cybercrime. I'm sure that this isn't a statement about the laws that exist, but a statement about the ones that don't. Does anyone know of good laws that fight cybercrime without throwing privacy out the window? Neither does government, and this is just a reflection of that. Punishment is certainly harsh enough, when someone who just mentions an attack can make front page world news. -- Moondog

A lot of this legislation is completely misguided, and often rooted in the hands of people who are completely clueless about what they are talking about in this area.

Many of the government's decisions in relation to anything computer related of late have seemed irrational, misguided, and harmful. Much of which shows a high degree of paranoia, and a lack of knowledge about the subjects at hand.

I hate to see a politician stand up at a podium and spout about how our world is at the mercy of "hackers." Or how "dangerous" those damn DoS attacks were a couple of weeks ago.

If this doesn't stop, this world won't be a safe place for anyone, us in particular. We'll have big software corporations that can shut down our computer for not renewing a site license on their screensaver package, they already passed the ever damned UCITA in my state (Virginia), people will be able to seize my computer because my third cousin was suspected of using a banned encryption algorithm in his sappy love letters to his girlfriend, and in general, we'll take a nice smackdown every day and beg for more because everyone who votes will be too dumb to figure out what the hell any of this means, and they'll cry when someone says "HACKER."

Ok, this is probably a bit much. But still, even talking like this, and showing this much ignorance, and passing misguided laws that smack of a lack of understanding and paranoia... It just irritates me.

According to one of the conspiracy theories that made the rounds immediately following the DDoS attacks, the attacks were secretly coordinated by Clinton's administration in order to cause a flood of panic in businesses that would lead to a toughening of cyberlaws and the imposition of a cyber-New World Order. Ah, drat... I guess this report means it's not true.

Another conspiracy theory shot down in flames... Along with the theory that the Y2K panic was another such opportunity for the US Gov. The Right-Wing needs to review their conspiracy cookbooks!

On a side-note, I first read the title as, 'GoD Says Existing Laws...' Guess watching God, the Devil and Bob left a mark on my impressionable mind.:)

Did you have any expectation that they'd set up legislation that would mandate that if your PC gets hacked,

Janet Reno and her crack team of commando lawyers spring into action?

I don't even consider their rejection of creating new legislation to be "putting their heads in the sand." It is not an unreasonable idea to try to apply the existing laws.

It's fairly silly when legislators make up new legislation (that will never be enforced) in order to make it look like they're doing something about a problem to which existing laws ( that are also not being enforced) already apply.

> Rob Malda is selling us out. I found these > following cookies that slashdot stores:

Yeah, right.. You forgot one though...

is_idiot

It's a boolean cookie....

> I want an answer as to why those cookies are > being stored

Rob is actually a lab mouse and this is all part of his master plan to take over the world..

> and where Rob Malda is getting the information.

He gets his info from Santa Claus [santa.com], of course. Santa runs a huge database in conjunction with Doubleclick and Microsoft to track everyone and find out if they're naughty or nice. Much easier than the old fashioned way.

Government intervention, like stuffing a hamster up your own ass, seems like a good idea intially, and can even feel good for a moment, but when the beast goes crazy it's a world of pain and sadness...

I must say that that's one of the most disturbing analogies I've heard in a while.

Oh yeah, I meant to say "Thank God they said this"...BUT, also, a lot of the application of existing laws is misguided, and will lead to the downfall of western civilization:-) Also, to hear Reno and a bunch of others talk a few weeks ago, what do you think? Right...

Thanks for the explanation. You have to understand that seeing those cookies is very disturbing to say the least. I hope it is some kind of joke. I just wonder why they weren't deleted if it was intended as a joke.

For this administration, there can never be too many laws. Just wait until Mr. Gore discovers that this beast he created is far too evil. I picture a McCain sort of moment at a town hall meeting, a mother in tears steps up to a microphone and tells the horrors her family went through because little Jimmy was on a chat room and some old guy sends them a nude picture of himself.

Then the Internet will be upgraded to the status guns and tobacco are today. Who cares if the Columbine boys broke some 20ish laws, or if the drug addict mom/uncle of the Michigan six year old would ever pay attention to laws? Politicians will get up to their podiums during this race and proclaim more laws to not be enforced. No report like this will live long when it's an election year.

This has to be a perfect example of lobbying at its finest. I mean how many of you think Bill Clinton would pass on creating any new laws to restrict the people. If it werent for the fact that his buddy Al Gore is running for office, you can bet this article would be reversed.

The fact that AOL/Time Warner had anything to say about it, Im sure means nothing *grin*.

Okay, they say they don't need new laws to prosecute/catch cybercriminals, yet, as this article [wired.com] stated (I think nthis was also on/. the other day), they want to possibly eliminate privacy online? Isn's this a little weird/stupid or am I the only one?

It's early and this is off the top of my head, so, if it's too stupid, be kind...

Why don't the corporations start paying these hackers who do these types of things? If you think about it, the only thing this "script kiddy" did, in the big picture, to your network was make it stronger. Sure, he made you work hard for a weekend, but, if you're network was weak enough to go down from this in the first place, it was going to happen eventually. And now, I'm sure, you got the network back up, and at sufficient enough strength to withstand the same kind of attack in the future.

Here's what I see (right now):

So the businesses start paying these types of hackers. Networks go down all over the place as hackers succeed in their job. Alright, so that's a negative for the businesses. However, it's also a plus. It's better to have your security breached by someone on your payroll than by someone whose sole purpose is malicious. Businesses then pay their sysadmins to work out these security problems. Networks get stronger everywhere. Less networks get hacked into. Security improves everywhere.

The biggest advantage I see to this, though, is not the security. By making the general hacking of a network acceptable by paying hackers to do it, it becomes easier for businesses and the government to prosecute those people who do do it for malicious purposes. And to make it encompass everybody (as in, make anyone who hacks your network susceptible to this), the hackers aren't employees of any one company. Instead, it could be more of an at large type thing.

Look at it this way: If you're paying someone to break your system, it becomes only a matter of an employee stealing company files when this person (who is getting paid to hack) hacks into something vulnerable and steals credit card numbers (or whatever). The prosecutors don't have to worry about internet law anymore; they already have all the precedent they need with normal business/employee law.

I'm sure there are a lot of problems in this, but it's an idea worth discussing further, I think.

Check out the C|Net version [cnet.com] of the story or the Wired version [wired.com] and you'll see that the goverment is still at least considering new rules and regulations - including some that would severely threaten the online anonymity we all take for granted.

You can read the DOJ report for yourself here [usdoj.gov]. CNN is somewhat correct - it does say that "existing substantive federal laws appear to be generally adequate." However, it emphasizes the dangers to security posed by anonymity, and it does not shut the door on new laws.

New laws just mean more people will be guilty of something. What people should be focusing on is prevention. Due dillegence my friends!

Where I live, there is still a law that says if the Sherrif asks you to leave town, he must provide you with a horse with saddle and blankets, bedding, a weeks tack and a 30-30 rifle with 10 rounds of ammunition. Imagine trying to enforce that one!

New laws in the US just mean more people from outside the US will be hacking US servers. "But the FBI will haul their asses in." Yea right. Let's see the FBI arrest someone from Cuba, China, or Russia! *[Ooooh we're breaking US laws!] *translated from Mandarin

It's good to see they aren't going to waste their time with more laws that won't work. What they need to push are sites that deal with security! How to lock down those B2B servers!

Uh, the UCITA has yet to be enacted anywhere. Furthermore, uniform acts are designed to be enacted as state law, not federal law (e.g., uniform partnership act, uniform trade secret act, uniform common interest development act). The federal government is really powerless to do much about the UCITA, unless it passes a similar act that would preempt the UCITA, which is somethign that Congress doesn't do on a very frequent basis.

All in all, I'm impressed by the report's conclusion. What worries me still is that more laws will be pushed forward anyway.

Freedom and Liberty have been known about for quite some time, but we've not been a free country very long. Civil rights were won in the sixties. That was not so long ago. We've been talking the talk for quite some time, but we've only started to tiptoe the walk of freedom.

The net is a new opportunity. We have a great idea, we take for granted that it is free. No, that is not quite the truth. We feel sorrow and anger when someone threatens are ideal perception of what the net is. There is nothing intrinsic about the net that makes it free. It was simply largly constructed by scientists and engineers who are used to free exchange of ideas and aren't quite the control freaks a lot of these well meaning normals are.

We'd rather be a free people than not. I think when asked, even many in the government would prefer that. I see a lot of anti-government posts here, and I get the feeling from their hostility they would rather have a government that they can yell at and be angry at than not. Strange to me. I don't like to be angry.

I caught them a few months ago and realized they were a joke. I wrote CmdrTaco about it, and he said it was part of an April Fools joke. I figured everyone else knew about it and I just missed it till November.

The attorney general likened the current dilemma to a modern day "Wild West."

"Perhaps it's a little like the Wild West in the development of America [with some] who say, 'Let not government be involved.' But there was also the marshals and Wyatt Earp and others who brought some order to it."

The Wild West indeed. Allow me to extend your metaphor, Ms. Reno.

For many years before the West was Wild, Native Americans lived there in relative peace and harmony with the earth and each other. There was no money. There was no need for written laws. Then, profit-seekers, outcasts and jerks from the east decided to head west to seek their fame and fortune. When they arrived, they walked around the place like they owned it, imposing their laws and ideologies; taking more and more away from the native peoples, until the land was no longer theirs at all.

Sound familiar?

We were here first, Ms. Reno. The US government didn't need to pass any laws that were specific to the Old West. Just imposing existing US law then was enough to ruin it for the original residents. Now how does that saying about history repeating itself go?

This smells like an election year stunt. I don't believe that they are sincere. Just last week they were attacking "cyber-terrorists" and calling for more law enforcement powers and the end of anonymity. This is nothing more than trying to make friends in the tech sector for Al-Gore Jr. If he gets elected, he'll be back on the Internet control bandwagon the next day.

I'd rather have new laws that are well thought out and do what they're supposed to then no laws at all.

I'd like laws that protect my personal information and privacy, yes some old laws cover this but they don't cover the scope or were not written with the abibity to transfer mass amounts of data with little effort.

I'd like laws that prosecute faulty software. Software that doesn't do what it's supposed to or does something more then it's supposed to. I'd like a law the outlaws net taxs, most net sales still use UPS or such, wouldn't be easier to tax them?

I'd like the laws to be enforced by the UN so there isn't any jurisdiction crap, if someone in the US steals credit cards from germany I'd like there to be just one jurisdiction it falls under, not multiple.

I'd like investigators to just copy my hard drive rather then impounding my computer, or atleast give me the dollar value of my equipment when it was impounded.

I'd like a law that says any crpto that can be cracked wasn't a good one in the first place and it's the corperation's problem for not protecting their data.

I'd like to own anything that resides on my computer, if I want to decompile a filtering software to see what it filters, I should be able to.

But most of all I'd like only as many laws as needed to protect the people on the net, not the corperations.

Does it bother anyone else that Reno has been touring with this "top AOL lawyer"? I dunno, I just get this mental image of a demonic figure standing in the shadows just to the rear-left, his eyes glowing a pale red...

I understand why AOL is interested in the prospect of new legislation, but to be making public appearances? Does the Administration think that this corporate poster-boy lends them some credibility or something? I'd feel better about seeing John Perry Barlow.

My God, you are one angry, bitter person. I feel sorry for you. You must be a very unhappy, unsatisfied person. Hopefully, things will start looking up for you.

As to your comment regarding the obviousness of the cookies being a joke, I apologize for not knowing Rob's sense of humour.

As to your assertion that it's not possible for slashdot to know my personal information, you may technically be correct on that. But if you've been following the doings of DoubleClick, there are ways to match your information to databases of info that do have your personal information.

While old laws can be used to prosecute, what does need to happen is the laws need to be made uniform and not at the mercy of uninformed technophobes. If Johnny gets nabbed running script kiddie files on Corporate Server, then the punishment should be relatively uniform and reasonable.

I hate using a cliche, but take the Mitnik case. He got nabbed doing nasty things or having someone else's data. Yes, he should've gotten his peepee slapped. 3 years probation, requirement that he goes to school or secures gainful employment, and maybe 30 days in the local slammer. 4 years? Imbecilic.

I noticed that Ryan said he and his colleagues in the Information Technology Association of America are committed to working with the government "to balance the privacy interests" of users with the need to find "those who seek to abuse it." What about privacy abuses like Doubleclick's tactics? How about companies like Symantec secretly sending out data about your computer? (See previous story about Peacefire for details)

Someone up the thread noted that the FBI won't get involved when the theoretical loss was less than $40K. No wonder the losses are artificially inflated! I bet, though, that these companies that scream they lost millions will 'forget' to include the loss when they report their data to the FTC or shareholders, which is also illegal and against FTC regulations. As an example, I give you Sun Corporation... They said Mitnik ripped off millions, but did not report it to the FTC or shareholders. What happened? Not a damn thing.

As an aside, I am not a Mitnik fanatic, I just used the examples because I was familiar with them.

If you think about it, the only thing this "script kiddy" did, in the big picture, to your network was make it stronger. Sure, he made you work hard for a weekend, but, if you're network was weak enough to go down from this in the first place, it was going to happen eventually. And now, I'm sure, you got the network back up, and at sufficient enough strength to withstand the same kind of attack in the future.

That is true, and is what I pointed out to the client - 'you may be in a bit of a huff from this happening, but you are better from it.'

In this particular case I was brought in as a consultant by a nonprofit organization, so I didn't charge my usual rates. What really ticked me off was law enforcement's unwillingness to help a non-corporate entity solely because of a lack of sufficient financial damage. That's not what they're about - making money - but they were significantly crippled operationaly, and needy people were hurt by it. As a side note, another aspect that pissed me off about the episode is why it happened: an older gentleman that does most of their tech stuff thought he would give linux a try as their file server in a windows environment and was delighted that he was able to get it configured and working by himself without much pain.... well, he simply had no idea that the red hat installation had opened up ports he just didn't need (or what a port is for that matter) and that by default it is pretty freaking insecure after installation. So he got a bad impression of linux. I explained that NT was flawed by a factor more, but it ticked me off a bit. Open bsd and linuxppc seem to have the right idea in having most services basically shut down until someone comes along and enables them. Mandrake, I've noticed, has a security level setup as part of their install - I hope to see this kind of thing become more of a standard....

If I had a penny for every time I read a "This is all just a bunch of crap" comment...

This isn't a bunch of crap, this is life. A few days ago everyone was decrying the DMCA for being a bunch of crap designed to solely benefit big greedy corporations. Now the Clinton administration states that existing laws are sufficient, and THIS is a bunch of crap done for the businesses.

Not to mention the 20 some odd completely irrelevant posts about cookies I read through. I'm starting to forget why I visit this place so much:) I'm not trying to be an asshole but I think there's more "crap" in this here thread than the new report that this forum is supposedly about./RANT (This is a relatively early post.. I have faith there will be lots of good content in this thread given a few hours to simmer.)

"The world is changing every day; the only question is who's doing it.

I think that trespassing, larceny, and breaking & entering pretty much 99% of cybercrime... Just stick the term "computer" in front of each of those, think up some suitable penalties, and that sounds like a reasonable penal system.

That doesn't throw privacy out the window.

Nor does mandating that all ISP's set up their machines to log who has which IP address in the event that one day the FBI needs to track down the next great DDOS d00d... It's really not that bad, i don't think, so law as everything is phrased correctly.

Rather than lobby against any and all government intrusion on the internet, which is going to happen no matter how much every doesn't want it to, why doesn't everyone think together, try to figure out what they're trying to accomplish (no super-conspiracy theorists, please!) and work with them to ensure that they can have what they want while we keep what we want?

dude, I'm being very serious. I'm not trolling, honest ! It appears that it was a big April Fool's joke that I missed. I usually don't pay attention to cookies but I'm very recently become interested in them.

We'd rather be a free people than not? I'm not so sure of that, at least in the absolute sense. I seem to recall that in the general populace, there *isn't* a lot of outrage when fundamental freedoms like those guaranteed by the Bill of Rights are grossly infringed upon. We note, for instance, that the first amendment requires that the freedom of speech will not be abridged. This does not specify only *popular* speech. This does not specify only *friendly* speech. It means *all* speech. That includes bigots, radical Stalinists, fascists, the criminally insane, and what not. This includes hostile speech. This includes practically everything short of slander or speech that violates contractual agreements like oaths of secrecy, and certain immediate safety issues like pretending to hijack a plane, all of which tie into other offenses.

Is there outrage 'bout this, in general? Not really. We've got a climate where, apparently, encouraging sensitivity has precedence over freedom.

If memory serves, the President has been rather intellectually dishonest in blatantly exploiting the case of the Michigan juvenile shooting, calling for measures that, according to rational thought, would be irrelevant -- considering that the shooting was not an accident, and that the main actors were not exactly law-abiding citizens of the sort to, regardless of law, have proper keeping of their firearm(s). I've not seen a lot of outrage 'bout this, either.

If you, say, listen to Brokaw or Rather, then we might conclude that the plight of a river salmon, is worthier of a spotlight than anything that might in the slightest jar people out of their complacency regarding the Constitution.

THIS sort of behavior, by both media outlets and the Government, has earned at LOT of distrust over the years. When CNN downplays the possibility of new laws, while other sources consider the same data and spin it more cautiously, and given that it's an election year (thus leading naturally towards excess), expect some irritation and distrust.

Did you have any expectation that they'd set up legislation that would mandate that if your PC gets hacked,

No. It's just funny to see this show of farce, I mean force, by the DOJ. They are basically saying that they will use existing laws to punish crackers. Fine. My point is that if my house is broken into the local police will investigate even minimal damage/loss (I know cuz it happened, I lost $70 to a burglar who threatened to shoot my brother who caught him in the act even though he didn't have a gun). If my computer is cracked into nothing will happen. This report is merely hot air, unless your computer/data is worth $40,000+ and then it means someone might care. It doesn't mean that they can do anything about it.

It is not an unreasonable idea to try to apply the existing laws

Sure, if it involves an US server being cracked by a US citizen. Outside of that, what will happen? Nothing. The foreign government has to cooperate with US authorities. Do you think that will happen in places like Russia or the Middle East? Did they catch that guy who stole the database of credit card numbers? They know who he is... Why won't they do anything? Because they can't. He's in Russia (I think). Unless someone else knows different, in which case I'll stand humbly

a problem to which existing laws... already apply.

This isn't legislation. This was a report designed to make Americans feel better about what is being done about crackers. Maybe they don't realize it, but all it will do is lull corporate America into believing that they are protected.

This is another example of legislators who think that the Internet doesn't stretch beyond our borders. Sure we invented it, but it's way too late to try and control it. The emphasis should be on educating Sys Admins on how to secure their network better rather than telling them they can rely on the DOJ to handle problems after the fact. --

They're the 'dot-com' slimes, the 'e-tailers'. The AOLusers and the chat-room addicts. They're the spammers that force us to read through pyramid schemes and 'Swiss penile enlargement' advertisments at the breakfast table, the morons that brought Usenet to it's knees.

And what can we do? Some of their new ways are appealing. They've brought a new brand of e-booze that many of us are so satiated with we've forgotten. Unlike the 'Wild West', the natives are better armed than the invaders. DoS them into nonexistance whan they screw around. Shoot 'em in the knees with bans, 'spammer go away' and respond with like flame. Do not go quietly..

> We'd rather be a free people than not. I think > when asked, even many in the government would > prefer that. > I see a lot of anti-government posts here, and I > get the feeling from their hostility they would > rather have a government that they can yell at > and be angry at than not. Strange to me.

Not strange at all. We have had a government all our lives (and for several centuraies/millenia previously). People are USED to government and feel secure with one.

I remember a social psychology course I took in colledge. People dislike not being free to some extent...they will complain about lack of options. However, psychologically, they feel more secure and satisfied when they don't have to make choices. They actually feel better knowing that the choice is already made.

How many police are there per capita? maybe a hundered police per 100,000 people? They are not omnipresent. Yet...we are instilled with this constant safe feeling knowing "they are right around the corner". Talk to anyone and ask them "At 4 am, when you come to an intesection and stop at the red light, you see no cars comming from anywehre...why do you wait for it to turn green?"

The standard answer "Cuz if I don't I could get a ticket". There is no logical reason to sit there. There are no police anywehre in view...yet we conform because we have been trained to. That is the essence of Authority.

> I don't > like to be angry

That reminds me of the Hitchhikers Guide: (paraphrase) "To combat this unhappiness people developed systems which involved moving around small pieces of green paper, which was quite curious because it wasn't small peices of paper that were unhappy to begin with"

Nah, man. The Indians were just hippies deep down. Peace, Love, not war. They wore mocassins and beads, just hung out at their teepees smoking, just like hippies. It's not like hippies went around killing people. Er wait, maybe a few. And scalping was just their attempt to reach a hand out and say, "I like your hair, let me study how you braid it like that.";)

New laws in the US just mean more people from outside the US will be hacking US servers. "But the FBI will haul their asses in." Yea right. Let's see the FBI arrest someone from Cuba, China, or Russia! *[Ooooh we're breaking US laws!] *translated from Mandarin Actually, back in the early 90s, the U.S. passed a controversial law that basically says that the FBI _does_ have the power to go to other countries and arrest people who, say, smuggle drugs into the U.S. In fact, the U.S. is the only country in the world (to my knowledge) that claims police jurisdiction outside its borders. [This is all from memory. Anyone who can correct me/ provide more information, please speak up.] Beyond that nasty bit of foreign policy awkwardness, there are such things as extradition treaties, Interpol, etc. Basically, if you're a cracker working against U.S. targets (including the assets of U.S. corps in foreign lands), you probably fall into three categories: 1) Working for a government. You are a spy/ cyber-commando. Your deeds are acts of espionage and/or war. 2) Working for a corporation. You are a corporate hacker and subject to laws that govern such things. Since you're working for a corporation that bothers to, say, hack AOL's servers for information on their customers, you probably aren't working in the type of country that doesn't collaborate with the U.S. authorities to punish people like you. 3) Working on your own. You are a common thief, or possibly a terrorist, and your government probably won't protect you. The U.S., and other countries, have laws and methods to deal with all three. Computers are the tool. In the U.S.'s eyes, spies and terrorists are the users of that tool. The U.S. has spent the last 10 years throwing a lot of muscle at spies, terrorists, and smugglers-- foreign and domestic.

Or are we supposed to call it "herstory" when it diverges this far from reality?

I don't think we know much about how well the native americans lived inharmony with nature, but we do know that a few thousand years agonewcomers came from the *west* and, as near as we can tell, killed them alloff. These newcomers came to be known as "Indians" when Columbusthought he'd travelled to India. The name stuck, but modernly thereare folks calling this group "Native Americans."

This new group had a great many cultures, many of which were quitedifferent. Some were peacefull, licving with nature, etc. Otherswere warlike, violent, and bloodthirsty. Some of these torturedtheir captives, by such endearing methods as burning them alive totest their bravery. Others enslaved other groups. Still othersexterminated others completely. The paths across the continentof some of the warlike groups can still be traced by some of thecharacteristics of the groups they displaced.

Eventually another group showed up from the east. These were morewarlike than some, and quite less warlike than other of the nativeinhabitants. However, they were much better at war, and had betterweapons. They eventually ended up with most of the good land,regardless of whether the peaceful or warlike groups previously held it.

Unless you get your history from political rallies, the AmericanIndians/Native Americans/whatever were rather diverse. The mythabout universally living in peace and harmony with nature is justthat, a myth. Some did, some didn't.

While we are at it, let's pay bank robbers or people who break into your house. Obviously, they are just pointing out security weaknesses too. We could extend this courtesy to all sorts of so called criminals. Whatever....

A lot of this legislation is completely misguided, and often rooted in the hands of people who are completely clueless about what they are talking about in this area.

We can complain about the balance of certain laws (or laws in general) but it is not true that the Congress and various interagency committees are clueless. They are provided with expertise by various interested parties and respond to the concerns that they hear about. The Internet Alliance ("IA") is willing to take some credit for the final shape of the cybercrine report. You can see their news release at here [internetalliance.org]. The IA is concerned that any new laws would shift more responsibilty for enforcing the law onto the private sector which would be a form of tax. The news release cited above concludes with the statement that the IA was recently acquired by the Direct Marketing Association.

I happen to agree that there are plenty of laws available to prosecute "cybercriminals" when they do serious damage and the users of the web need to take more responsibility for making sure their own computers are secure.

Oh, please. If you would just drop the Randite Objectivism BS for two seconds, you would see that I'm actually arguing for a more libretarian attitude towards Internet government.

Most of the Internet problems that big business goes crying to about the government nowadays could be solved through technological mesaures. If companies would spend their effort working on a RBL-blacklist-on-steriods solution rather than calling in the FBI every time a script kiddie 0wnz them, or filing a lawsuit when they get one or two spam messages, the Internet would be able to govern itself just fine.

I'm sure if I had used a metaphor about the Boston Tea Party or something, you wouldn't have minded, since American colonists are an oppressed minority that were "better armed".

Government intervention, like stuffing a hamster up your own ass, seems like a good idea intially...

I think that this is a very valid comparison. I agree that people who think that government intervention is a good idea tend to be the same people who think that stuffing a hamster up your ass is a good idea. At least the IQ level and ability to foresee consequences seem to be the same.

Committees are for reference, but politicians may not understand what these committees are getting at. Also, the unfortunate downfall of our wonderful political system is the same of it strength. Politicians must bow the the whims of their constituents. While this may mean that they are controlled by the people, it also means that they have to get the attention of people. By passing an "anti-hacker" law, a legislator can get much more attention, than by voting it down, as their constituents may not understand/believe that it is misguided.

UCITA got voted up in my state... That is a good enough example. That document is an abomination, yet I am sure that next term, many delegates will say how they voted for it and it enables commerce.

I am sorry, but I maintain my position. I'm not saying that these people are foolish, but I am saying that they make mistakes... Or sometimes moves merely for political interest. And I am not decrying them for this. It is a necessary evil. The legal system will fix itself over time, this I know, that is what makes our country great. But Prohibition... Slavery... You get the picture.

There's already something similar (though not exactly what you're proposing). Security audits doing just this are often performed by 'tiger teams', whether by internal employees or external auditors hired for that purpose.

I work in network security for a large corporation, and the problem with the view that "hackers only point out weaknesses in your network, so you should thank them" is that they're exactly the people we need to keep out. This business of non-malicious vs malicious is not the point. Was the person authorized? No? Then it was wrong. Yes, I personally am glad they may not have had intent to do something further, since that means that there's less work to be done. But the fact that someone went somewhere they're not supposed to go is not excused by the fact that our security had a chink in it.

All that aside, authorized audits are a good thing. This way, you guarantee that they're not malicious (assuming you trust the auditors;> ), and still find holes.

Too late for karma but...As I noted in a previous story's thread, The Register had an article [theregister.co.uk] about a General Accounting Office report that basically says the DOJ is going about this in entirely the wrong way because of turf concerns.

The whole denial-of-service problem is being quietly fixed by people who are putting small changes into server and router code. What law enforcement does is largely irrelevant. In the end, all they can do is maybe find some kid and put him in jail. That isn't effective enough, because there are too many kids.

Packet traffic overloading from valid IP addresses Turn on fair queuing (plug: I invented that; see my RFCs) at the upstream router. Cisco routers do this for T1 and down by default; make sure it's on. Big sites generally have enough inbound bandwidth this isn't a killer problem.

Packet traffic overloading from invalid IP addresses This is the hard one. Turn on outbound filtering where possible. Routers need a feature that accepts a request to turn on record route for the next few seconds for packets to a specified destination. This makes possible a sort of "reverse traceroute". Requires R&D, a standard, and programs that implement it.

HTTP request overloading Impose fairness scheduling at the listen queue level. Needs R&D, some kernel coding, and support in the HTTP server, but isn't that hard.

Attacks on large numbers of machines A small percentage of machines on the net need to be booby-trapped to trace back, silently, attacks on them. There should be voluntary services to which you can subscribe (something like SpamCop [spamcop.com]) that takes attack reports, correlates them, and locates the offender. This doesn't need to be government-run; it's a reasonable business.

Doing this will actually fix the problem. Much more effective than holding press conferences.

If a company requests a security examination, the examiners can legally do to that company whatever the company says they can do. If someone does the same thing without permission it's vandalism, breaking & entering, property damage, or theft. An obvious example is the first act of the movie Sneakers [borders.com] . And any real system security auditor would simply give the administrator a description of the problems, not abuse them until discovered. The administrator would also be in a position to trust that no damage was done or back doors had been installed, and would be able to stop employees who discover the activity in progress from wasting time dealing with an apparent threat [fatbrain.com].

I hate to see a politician stand up at a podium and spout about how our world is at the mercy of "hackers." Or how "dangerous" those damn DoS attacks were a couple of weeks ago.

I believe it was Benjamin Franklin who said, when commenting on the lack of progess on revisions to the Articles of the Confederation (don't really know in what context this was said, if anyone out there knows the exact quote please post it or e-mail me), "if we take too much longer putting together this government, people might start to realise that they get along fine without us." If you don't want people to realise that they get along fine without you, you ought to make yourself seem important. Standing on the podium is one way to draw attention to yourself...

You missed the point. Do not stick "computer" ahead of any of those, and do not think up new penalty levels. Breaking & entering laws are fine, whether a computer is involved or not.

Break a $200 door and steal a $200 TV and you'll get the same penalty as making a system administrator use $400 of his time cleaning up a mess (actually, that's probably not enough money for most situations...).

how the fuck is your fucking web browser going to fucking know your fucking social security number and your fucking sexual preference?! IT IS NOT POSSIBLE TO DO THAT.

your browser does not generate cookies, servers do, so pull your opposable thumb from out of your ass, OR IS IT NOT POSSIBLE TO DO THAT?

And how would the server know? Well, have you followed the Doubleclick controversy? Do you have your own IP address, or do you share one with the rest of AOL? Because all of the cool people have their own IP address (I have 269 of them:), and when they go to Slashdot, and from there to somewhere else, read the story, back and post a comment... why, it does not take long to figure out who goes with which IP address if they're somewhat active. It's happening only rarely now, but all the records are accumulating, companies are merging... it's just not that far fetched.

Anyway, so the guy made a mistake. He's one out of thousands of people. If you've ever run a big mailing list or organized a big event (yeah, like your 10th birthday to infinity), you quickly come to realize that when 1000s of people are involved, just by probability alone a small number of perfectly intelligent people are going to miss the instructions, not see an obvious sign, etc. It's really no big deal. But when you make a big deal out of it when other people make a mistake, you then find yourself feeling especially humilated when you make a mistake yourself. Luckily, you still live with your mother and she can comfort you, but when you get big you'll realize that it's better to just explain things to people.

I hope to not catch too many flames from the Libertarians, but we could very well serve as a cluster of like-minded voters.

Not many people will disagree with me that there are laws that need to be changed, but the question remains - what should they be changed to? It is a lot more productive to not just start spouting out subjective opinions that certain things are wrong or right without weighing the options - and proposing resolutions.

Create propositions such as drop this law because (reason 1, 2, 3) cahnge this law to this other different law, or we really could use this other law. Discuss them to iron out the faults, get other's opinions (a forum like this works fairly well). Finally - press someone with power to make these changes.

"Indian cultures warred on each other with great ferocity. Indian agriculture resembled closely what we refer to as "strip farming".

One word: Bullshit. Europeans came over to the Americas and astonishedly proclaimed how backwards and ridiculous native american farmers were for being so gentile with their land. Native americans did not even have plows! The Iroquois (6 nations) civilization was built upon a highly efficient and organized method of farming, of a scale virtually unparalleled in history. Only now, with "modern" agricultural science are we realizing how truly _sustainable_ and efficient Indian agriculture, like mound farming is, in comparision to the traditional "rip up the earth and move on" approach.

Native civilizations did have wars, but in many cases that was part of thier/culture/. In any case, the wars they had were certainly not of the "wipe you off the face of the earth because you are a savage and we like your land" scale.

"In other words, they were real people with as many faults and warts as their European invaders, who were simply better armed."

Yes, like the fault of trusting Europeans and being savagely slaughtered and wiped out while being lied in the face to. I guess they deserved what they got, right?

"Please folks, don't get your image of native Americans from John Wayne films."

Really, I think/you/ shouldn't get your ideas about native americans from westerns. How about getting clued in...read "Custer Died For Your Sins", or, why not just talk to a Native American...that is if you can find some left.

And don't forget to go see "City of Gold" in which a couple of happy-go-lucky spanish explorers wipe out an entire civilization of native people with comic hyjinks in their greed for a city made out of pure gold.

I think i was agreeing with that point... No one needs to think up new crimes or anything... Existing ones are fine. But just to differentiate, i'd say add "computer" to thing beginning. So people look at your background know for instance that you're a nerd, and not a violent offender:)

But overall... I'd say we're all aware that todays computers (all of them, save for maybe the ones in classified government installations) have security flaws. WE don't need the point proved over and over. We don't need people thinking up tools to release to the public without giving vendors time to actually make fixes, or even worse, in the case of DDOS, releasing tools where there really are no feasible fixes and no one to point fingers at. The points already proven, we don't need it proven anymore.

The scarey part is that the only laws they've passed before sayingthis are ones to protect Big Bussiness and Copyrights. They say that they are goin to back out just as Amazon and DoubleClick actualy start ASKING them to get involved so that they don't look like the bad guys. Ok, so Amazon is taking a lot of crap for their practices, so they ask the governemnt to look at changing the rules so that they don't have to back down, but still come off looking like good guys, a few days later, the US government desides that, for the first time sense Peal Harbor, they don't want to be involved in something? Umm, anyone else see a problem. Remember, just because you're paranoid, doesn't mean "They" aren't out to get you.

The reason behind the "no new laws" (or "not a lot of new laws") announcement has more to do with the Internet's enormous influence on the US economy than any respect for privacy. Passing more anti-privacy laws might slow down the nascent economic juggernaut that is the Internet and upset powerful corporations like Time-Warner/AOL. For that reason alone the gov't makes the claim that no new laws are needed.

But...Just wait a few years until the Internet is even more established in the US economy and more people rely on it in their daily lives. Right now, many people in the US are still extremely worried about privacy and because of that do not shop online. The mega-corporations and the gov't hope that announcements like those of today will help bring about a change in this attitude. Once this is accomplished and there is a greater social acceptance of and reliance on the Internet, more and more anti-privacy laws will be proposed - most likely under the hypocritical guise of extending our privacy! The US government serves the interest of the large corporations - that's why Attoney General Reno was flanked by a "top lawyer from AOL" and not a top lawyer from the American Civil Liberties Union, who probably were not even consulted.

The USA has roughly 4% or the world's population and about 50% of the world's prisoners - the majority of which have been convicted of non-violent crimes. This speaks volumes for our tendency to want to solve every social problem by passing laws and putting people in jail. Unless we don't get complacent, it's only a matter of time before we lose what privacy we have left not only on the internet.

Prediction: within the next 10 years, some US state will arrest, convict and execute someone for violating new Internet laws.

All you need to do is install a new program called Hymen. As you might guess, Hymen is a firewall that is automatically destroyed when attackers forcefully probe your network. Once someone has penetrated your Hymen, the only way to repair it is by purchasing a $40K patch file. Now you can get the FBI involved... Of course you forty grand would be returned after the sucessful prosecution of the hackers.

I wouldnt be surprised to see something like this on Freshmeat in a couple of days.

"This administration"? When was the last time you saw an administration--local, state, or federal--that passed up an opportunity to be "tough on crime"? The elected officials responded to the population on this one, buddy. Tough on crime gets votes, whether it's hacking/phreaking/carding or smoking that evil wacky-weed or holding up a liquor store. This administration has, like those before it (and probably after it) only done what the public wants: lock 'em up and throw away the fucking key.

If you want to see this kind of thing stopped, we have GOT to start explaining to people why this whole "tough on crime" thing has gone way overboard. The voters have responsibility in this to a GREATER degree than do the elected officials, whether they are Democrat or Republican. The electorate gets scared, they begin writing their representatives to "do something", and we draconian laws passed. The legislators are responsible for passing the laws, but more often than not it is in response to their constituents wishes.

Many religions, including my wife's, feel that writing the Creator's name is blasphemy, particularly in discourse not directly related to religion. "G-d" is a common workaround and solves the problem nicely. I don't see what the problem is.

So, when I call you a G-ddammed idiot, I'm doing the right thing for two reasons: a) it's true, and b) it's not strictly blasphemous.

I can't remember all that much from my history classes, but I do remember that they learned the scalping practices from the various European and American fur trading companies, who were interested in getting as many furs as they might be able to... they fought vividly, and then began hiring the native americans to kill their enemies. However, the natives began to claim that they had killed several of the other group that they had, in fact, not. The traders caught onto this, and taught them to scalp... and, since the two groups (Don't remember what the two major ones were), had distinctively different hair colors, they could then prove that they did, in fact, kill them. Ok, so it may not all be right, but that's the jist of it... or so said my US History teacher. I'd appreciate it if someone who knew more about it would let me know?;)

This administration has, like those before it (and probably after it) only done what the public wants: lock 'em up and throw away the fucking key.

Except for that little report a few months back saying that there were several thousand high school students found having weapons, and three were prosecuted. The politicians made grand speeches to stop school violence, passed laws for scanners and the like in schools, and what happens? They take the gun away and tell the criminal to go back to study hall.

The Democrat party especially uses emotion to convince the American people to elect them. So these incidents give them some prime spots on TV. But as we have seen in New York with Mayor Giuliani, actually enforcing the laws (even petty ones) sends the message that you won't get away with crime. That, my friend, is being Tough on Crime and being successful. When our young criminals' only fear is having to go back down the street to pick up a new gun, well that sends a message just as loud and clear.

The other AC pretty well explained the Conservative position of less laws. Each law like these gun/tobacco hot buttons only removes one more freedom. I'll leave you with this, "Those who have known freedom and then lost it have never known it again." Violence in our schools is a bad thing, but I won't let it take away my freedoms.

A few days ago everyone was decrying the DMCA for being a bunch of crap designed to solely benefit big greedy corporations. Now the Clinton administration states that existing laws are sufficient, and THIS is a bunch of crap done for the businesses.

Ok, I'll buy that. No new intervention is better than some bad intervention. I guess I was a little pessimistic, but I've listened to people like Al Gore for way too long stick their nose in and take credit for things they're not involved in. US government is really good for that. Every opportunity to stick a law or regulation into something like the internet is not taken lightly. The fact that this report goes against that is something to be happy about.

Take pride, Wraithlyn, it's not too often someone can change my mind like that.:) --

We live in a big world. We also have a big internet. There's thousands of e-tailers, huge companys, former Brick and Morters, etc etc that are "coming online and ruining the internet". No. They're not. The internet is huge. Sure, they have the domain names and the newbies and the money. So what? Does that mean you can't still have your web page, with basically (as far as the law allows) pretty much anything you want on it? Does AOL having millions of visitors stop people from coming to you page?

No. It most likely brings more people, because the number of users is WAY up, and maybe someday one of those newbies will see what you're saying. No harm in that. New laws are scary. I don't think we need them. But this isn't like the old west. "They" aren't taking our land; "they" are building around it, and "they" might be trying to get in. It's still you web page. It's still your newsgroup. Be happy that millions of new people have the joys of getting online easily and might think for themselves one day.